If you haven’t already checked it out, you can browse the book through Amazon’s Page Viewer. For the first time in print, we provided an in-depth coverage of attacking and exploiting WiFi as well as ZigBee, Bluetooth and DECT technology in the approachable and understandable Hacking Exposed style.

Be sure to check out our companion website to grab the online content and associated files for download.

If you haven’t already checked out Steve’s course, I highly recommend it. In just a few days, he has been turning students into exploit developers, using hands-on labs to reinforce focused training materials. The new day of fuzzing material also gives students training on the tools and techniques for software fault testing using canned and custom fuzzing tools. A quick sampling of topics includes:

Why fuzzing is needed for security, and how it can be used by Quality Assurance teams, software developers, vendors and penetration testers

Fuzzing opportunities and common software developer mistakes to target

Effective fuzzing through code coverage analysis using available source or closed binaries

In-depth coverage on building custom fuzzers with Sulley

If I had to pick, I’d say the best part of the new day are the lab exercises. In the labs, you’ll use a variety of tools including Taof, Gcov/Lcov, Paimei with Pstalker, IDA Pro with the idapython plugin, the Sulley fuzzing framework and a bunch more. In the labs, you’ll definitely find interesting and useful bugs that, at the end of Steve’s course, you’ll be writing exploits for.

As always, I’m more than happy to any answer questions about this day of material. I’ll also try to answer questions about the entire course, though I may defer you to Steve. In the meantime, check out the description and sample topics. Also, my thanks to Steve for the chance to contribute to his awesome course.

Tom Liston is a unique individual. Not only is he technically skilled in many areas, but he has the Kurt Vonnegut gift of being able to write a story that both delivers a message and keeps you entertained with simple sentences (oh, and teaches you a thing or two about malware analysis).

Follow the Bouncing Malware (FTBM) is a great series of articles Tom has published at the Incident Storm Center. Some are a little cheeky, but if you had met Tom you’d think they fit him perfectly. Be sure and check out the latest installment, Follow the Bouncing Malware: Gone With the WINS and pick up some tidbits on malware, Windows 2003 systems getting pwned and pr0n.

Over the last several months I had the pleasure of working with Ed Skoudis and Kevin Johnson in presenting a trilogy of webcasts titled the Pen Test Perfect Storm where we talk about techniques to combine network, web app and wireless pen testing. By combining these components of classic pen-tests, we are able to more effectively test the network for threats and dig deeper into an organization. Check out the slides and links to the webcast archives here: